...then you're not paying attention to the ice under the ocean. It's not news that HHS will probably investigate and hold accountable those covered entities and business associates that fail to protect their patients' information. The payout that is more often significant for these healthcare organizations comes in the civil courts.
First up is Dental Care Alliance, which reportedly reached a $3 million proposed settlement following a 2020 breach affecting 225,000 patients. The plaintiffs claimed a failure to implement reasonable cybersecurity measures to safeguard consumer information and to monitor those systems. This case was settled outside of court, and we read that DCA denies all wrongdoing.
We were surprised to read that plaintiffs involved with the Salinas Valley Memorial Healthcare System (Salinas) 2020 breach agreed to "up to a $340K settlement". It could be that the settlement, reportedly also reached out of court, saved both parties additional litigation expenses.
In both cases, we assume that lawyers were paid and LOTS of monies may be paid out that could have gone to healthcare or to strengthening information services security. Criminals are going to keep trying, and phishing email accounts remains a primary attack vector. We can help your organization perform and document phishing training, hopefully preventing a real phishing attack from working.
Stay (HIPAA) safe, Alan -